Since there is no guide for it, just scattered pieces here and there - let's make one. I'll try it out on my Gemini, and convert this post to one complete, detailed, newbie-friendly guide covering the process from the very beginning till the very end, so that new Gemini users seeking privacy won't need to suffer. Looking forward to suggestions, and/or tried&tested links.

After wasting a few days, done.

ROOTING YOUR DEVICE AND ALLOWING APP INSTALLATION FROM UNKNOWN SOURCES MAY HAVE NEGATIVE SECURITY IMPLICATIONS. MAKE SURE YOU KNOW WHAT YOU'RE DOING AND WHY BEFORE FOLLOWING THIS GUIDE.

2. Download rooted Android firmware (& Linux/Sailfish if you want) and appropriate scatter file after specifying your model and partitioning from http://support.planetcom.co.uk/partitionTool.html* You need both the scattered file and the firmware, using firmware downloaded in the first step won't do.

3. Flash rooted firmware with appropriate scatter file to the device. Take a look at the guide again http://support.planetcom.co.uk/index.php/A..._Flashing_Guide* You need to put scatter file in folder with rooted firmware* Restart your Gemini by holding Fn+Esc and selecting Restart after setting everything up and connecting it to computer

This guide is not perfect and reflects my personal experience messing with all this for the last two days. I did everything described for the first time in my life so my approach may be not the best, so feel free to offer better solutions - I'll be happy to improve the guide.

First I think you will have to define by what you personally class as 'spyware' For example there was some post floating around a while ago talking about MTK 'spyware' that turned out to be referring to a logger recording system events. There was no indication that this was being used in any unknown way or being uploaded anywhere and this kind of logging has very legitimate uses for software development and crash reporting. So is that spyware? not in my opinion but in many others it is.

Then there is Google. By using a Google operating system you kind of expect Google to have to have some information about you. Imagine trying to buy something online and telling the shop they couldn't have you address or know what you wanted to buy, but you expected it to be delivered all the same. What Google wants to know about you is all contained in their terms and conditions which we agree to at set up. We can't expect to use their 'free' operating system without them having a business model that enables them to deliver that in some way. We can adjust, limit and prevent some stuff but some information has to be exchanged for the system to work. As we have agreed to this in my opioon this cannot be considered 'spyware' as to me spyware is something outside of my control.

So I think it would be useful to define your aims and bounds. Are you going full tinfoil hat parinoia? in which case mobile devices and the Internet are probably not places for you (as well as MTK, Google et Al you need to think about your ISP, mobile carrier, government agencies blah blah blah) or do you truly mean actual spyware? in which case limit which apps can send data to those that you trust, job done 👍

Then there is Google. By using a Google operating system you kind of expect Google to have to have some information about you. Imagine trying to buy something online and telling the shop they couldn't have you address or know what you wanted to buy, but you expected it to be delivered all the same. What Google wants to know about you is all contained in their terms and conditions which we agree to at set up. We can't expect to use their 'free' operating system without them having a business model that enables them to deliver that in some way. We can adjust, limit and prevent some stuff but some information has to be exchanged for the system to work. As we have agreed to this in my opioon this cannot be considered 'spyware' as to me spyware is something outside of my control.

Android forks like lineage os make it possible to use an android device without google libraries, without a google account and without agreeing to their terms and conditions. I think that the O.P. had something similar in mind.

Then there is Google. By using a Google operating system you kind of expect Google to have to have some information about you. Imagine trying to buy something online and telling the shop they couldn't have you address or know what you wanted to buy, but you expected it to be delivered all the same. What Google wants to know about you is all contained in their terms and conditions which we agree to at set up. We can't expect to use their 'free' operating system without them having a business model that enables them to deliver that in some way. We can adjust, limit and prevent some stuff but some information has to be exchanged for the system to work. As we have agreed to this in my opioon this cannot be considered 'spyware' as to me spyware is something outside of my control.

Android forks like lineage os make it possible to use an android device without google libraries, without a google account and without agreeing to their terms and conditions. I think that the O.P. had something similar in mind.

Probably, but I don't class that a spy ware, hence the question define the aim... And why pick on Google? You have to agree to your ISP and carriers T&Cs so what makes those so agreeable over Google's?

First I think you will have to define by what you personally class as 'spyware' For example there was some post floating around a while ago talking about MTK 'spyware' that turned out to be referring to a logger recording system events. There was no indication that this was being used in any unknown way or being uploaded anywhere and this kind of logging has very legitimate uses for software development and crash reporting. So is that spyware? not in my opinion but in many others it is.

Then there is Google. By using a Google operating system you kind of expect Google to have to have some information about you. Imagine trying to buy something online and telling the shop they couldn't have you address or know what you wanted to buy, but you expected it to be delivered all the same. What Google wants to know about you is all contained in their terms and conditions which we agree to at set up. We can't expect to use their 'free' operating system without them having a business model that enables them to deliver that in some way. We can adjust, limit and prevent some stuff but some information has to be exchanged for the system to work. As we have agreed to this in my opioon this cannot be considered 'spyware' as to me spyware is something outside of my control.

So I think it would be useful to define your aims and bounds. Are you going full tinfoil hat parinoia? in which case mobile devices and the Internet are probably not places for you (as well as MTK, Google et Al you need to think about your ISP, mobile carrier, government agencies blah blah blah) or do you truly mean actual spyware? in which case limit which apps can send data to those that you trust, job done ��

The problem is more with the fact that not only is data collected, but it ain't properly secured and can be leaked to third parties. I generally may put my trust in Google - but I don't trust their security procedures, and if they are compromised - given how much they collect about a person, it may have disastrous consequences in real life. * (MTK) Duraspeed - sents info about apps used (for the purposes of optimization, supposedly) - I don't use it, I don't want the data about the apps I use to be shared with anyone.* MTKLogger - still researching this one.

As for other stuff you mentioned:* ISP - I have decent VPN which I trust, for years, and appropriately setup OS'es with firewalls preventing any sensitive data outside the tunnel - be it Windows 10 (with all telemetry disabled and no MS account), Android (in the form of LineageOS up until now) or Linux. * Mobile carrier - one can always purchase a SIM card bound to another person. This is MTK phone, so I assume I can just put zeroes in IMEI without bricking and call it a day, no? * Government agencies - well, I currently live in a anti-democratic shithole where people literally go to jail for writing something that government doesn't like on the Internet or saying on other media, even if it was published years before the law against it was approved and thus was legal at the time - so you can guess the picture and my attitude. * Websites also track you, and not only by IP - by browser fingerprint as well, including device charge level, screen resolution, etc. But it can also be countered, with extensions like NoScript, Privacy Badger, etc. - and ad-blockers also help in this regard.

Bottom line - not full-on tin-hat mode, just some compromise between privacy&security and ease of use.

QUOTE(jerome @ Aug 8 2018, 10:59 PM)

Android forks like lineage os make it possible to use an android device without google libraries, without a google account and without agreeing to their terms and conditions. I think that the O.P. had something similar in mind.

All my smartphones before were either LineageOS/CyanogenMod, or Linux(Maemo). Sadly LineageOS for Gemini is in poor condition, so no-go.

QUOTE(graynada @ Aug 8 2018, 11:35 PM)

Probably, but I don't class that a spy ware, hence the question define the aim... And why pick on Google? You have to agree to your ISP and carriers T&Cs so what makes those so agreeable over Google's?

The problem is more with the fact that not only is data collected, but it ain't properly secured and can be leaked to third parties. I generally may put my trust in Google - but I don't trust their security procedures, and if they are compromised - given how much they collect about a person, it may have disastrous consequences in real life.

Fortunately we have data protection laws in this country that mean that Google and everyone else has to protect any personal information they are entrusted with. We have just had these laws tightened and I would expect that by Google's compliance with these laws you in another country are benefiting from it.

QUOTE

ISP - I have decent VPN which I trust, for years, and appropriately setup OS'es with firewalls preventing any sensitive data outside the tunnel

But you have signed a contract with them. Given them your home address, email, maybe even telephone number, date of birth and bank account details to enable payment. This is all information you must entrust them to protect but you don't entrust Google? I find this selective approach confusing.

My question remains. What is the aim of your thread? Complete anonymity from everything and everyone? (tinfoil hat) in which case you have failed by registering with Indegogo to buy a Gemini! Or the removal of actual spyware ie real deliberately malicious underhanded software?

Fortunately we have data protection laws in this country that mean that Google and everyone else has to protect any personal information they are entrusted with. We have just had these laws tightened and I would expect that by Google's compliance with these laws you in another country are benefiting from it.

Laws don't protect you from human errors or ignorance. Google draws their profits from selling user data to advertisers, not storing user data in secure way. Meaning, e.g. providing decent search results or quality voice assistant is way up on their priority list, while keeping the user data well secured somewhere on the bottom. Moreover that, Google&Apple have monopolized mobile OS market. There simply are no viable alternatives - even more restricted Windows Mobile is dead, and Sailfish is not mature enough.

QUOTE(graynada @ Aug 9 2018, 03:56 AM)

But you have signed a contract with them. Given them your home address, email, maybe even telephone number, date of birth and bank account details to enable payment. This is all information you must entrust them to protect but you don't entrust Google? I find this selective approach confusing.

My question remains. What is the aim of your thread? Complete anonymity from everything and everyone? (tinfoil hat) in which case you have failed by registering with Indegogo to buy a Gemini! Or the removal of actual spyware ie real deliberately malicious underhanded software?

Does anybody provide banking information to ISP, really? They know much less about you or me than Google - because they don't collect behavior patterns, even if they're able to analyze your traffic (not mine). But Google goes well beyond that, it has access to everything, and does not provide an option to use their services without participating in data collection.

MTKLogger can be exploited to access user browsing history, location, etc. It is insecure by design and does not provide end user any benefit. I call it spyware, no matter the fact that it comes from chipset manufacturer. As with Google services - I don't want them transmitting anything of my use patterns without my deliberate agreement, but here they are preinstalled on the device and I can't opt out without applying drastic measures like rooting and uninstalling with third-party software - so for me, they're exactly spyware.

By the way, MTKLogger is the only thing mentioned in this thread that I wasn't able to purge from my Gemini so far - Duraspeed and everything Google are gone.

I think you have answered my question. It' is not just true spyware you want to get rid of but all data collection including legitimate and agreed to data collection but only by specific companies. I wonder what you use the Internet for if you won't agree to any terms and conditions that include holding data about you. No online shopping, no social networking, presumably no phone calls or SMS and of course no online forums...... But wait

And yes of course my ISP has my bank details so they can get there monthly fee by direct debt. Saves me queuing up each month hidden from CCTV cameras with my foil lined hood on to pay cash in random bank notes carefully collected from various outlets (no cash points please, they might know what you are up to) to settle my bill!

I think you have answered my question. It' is not just true spyware you want to get rid of but all data collection including legitimate and agreed to data collection but only by specific companies. I wonder what you use the Internet for if you won't agree to any terms and conditions that include holding data about you. No online shopping, no social networking, presumably no phone calls or SMS and of course no online forums...... But wait

And yes of course my ISP has my bank details so they can get there monthly fee by direct debt. Saves me queuing up each month hidden from CCTV cameras with my foil lined hood on to pay cash in random bank notes carefully collected from various outlets (no cash points please, they might know what you are up to) to settle my bill!

You clearly are not interested in the subject of this thread and came to troll about tin foil hats. The fact that you don't deal with sensitive data and potential exploit or backdoor on your smartphone is the least of your concerns does not in any way diminish your ignorance towards needs of other people who do, or justify such behavior on forum of device enthusiasts. Well, good job, have a nice day, and finally gtfo this thread.

While I appreciate and admire people's struggle to keep their privacy, I don't believe their efforts are any more successful than my own common sense (a. don't say anything on the internet that you wouldn't say to someone's face b. make certain your financial institutions will back you up in case of fraud).

I truly believe that Alexander Graham Bell's second invention was to monitor activity on his first, and every subsequent advent in communication has done the same.

I don't do porn, I'm faithful to my wife, I buy apps rather than crack them, making me very boring and I'm sure google, my Verizon ISP, and T-Mobile know everything about me, just as they know everything about everybody else.

My jaunty cynicism aside, NCI's statement about "Government agencies - well, I currently live in a anti-democratic shithole where people literally go to jail for writing something that government doesn't like on the Internet or saying on other media, even if it was published years before the law against it was approved and thus was legal at the time" is obviously the paramount concern with regard to both privacy and life in general.

If your government is jailing folks for disagreeing, then a. be very careful and b. get the hell out of said country. Because LineageOS or whatever other safety measure will not subvert fascism. They know as much about you as they know about me.

As they used to say in Russia, "These days, a man says what's on his mind only to his wife, under the covers."

Well, answering "but you shouldn't mind data collection" to "how can I turn off data collection" may not be the most productive answer. Anyway, on topic, I think LineageOS works largely without it, so maybe just put LineageOS without GAPPS on your Gemini? I think there's a custom build available, although I don't know how well it works. Getting rid of everything in the stock ROM is probably not very practical, since that's not intended by Google for the reasons hinted at above, no matter if you hate that or not, or consider that spyware or not.

Fair enough, on topic, I pay 15usd yearly to Kaspersky Mobile. The app appears to work very hard, gives the device a clean bill of health, and the fact that it's Russian-made software is not lost on my American sense of irony.

Anyway, on topic, I think LineageOS works largely without it, so maybe just put LineageOS without GAPPS on your Gemini? I think there's a custom build available, although I don't know how well it works. Getting rid of everything in the stock ROM is probably not very practical, since that's not intended by Google for the reasons hinted at above, no matter if you hate that or not, or consider that spyware or not.

LineageOS for Gemini sadly has broken telephony and looks abandoned.

I managed to add open-source location services to my Gemini. However, I can't find a satisfying launcher. Stock launcher is actually OK - but it has impossible to remove searchbar, and seemingly prevents installation of non-GSP version of same launcher. Lack of settings, however, is depressing; I can't even turn on battery percentage in status area. Guess I'll give Sailfish a try.